The Atlassian Marketplace server is not reachable
症状
アドオンの管理/新規追加ページに移動すると、次のエラーが表示される。
The Atlassian Marketplace server is not reachable. To avoid problems when loading this page, you can disable the connection to the Marketplace server原因 1:
The Stash logs contain the following errors in atlassian-stash.log:
2013-10-29 14:30:17,194 WARN [http-bio-7990-exec-5] user 870x497x1 1lzkc13 XXX.XXX.XXX.XXX,127.0.0.1 "GET /plugins/servlet/upm/marketplace HTTP/1.0" com.atlassian.upm.pac.PacClientImpl Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated原因 2:
The catalina.out contains messages similar to the following:
23-Sep-2014 14:07:32.497 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:834)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:962)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.FileNotFoundException: /path/to/keystore (Permission denied)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:388)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:294)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:552)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:492)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:727)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:456)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
... 13 more原因
- Cause 1: The Atlassian Marketplace needs to verify the SSL connection between Stash and itself. This occurs because the certificate is missing or has been tampered with by the local Proxy.
- Cause 2: That could also happen if the user who is starting Stash (newly installed versions installed as a service are likely to be started by
atlstash) does not have access to a keystore configured on the<Stash_Install_Dir>/conf/server.xml.
ソリューション
原因 1:
Alternative 1: Using Portecle
What you need to do to get around this issue is to export the certificates for the marketplace.atlassian.com:443, plugins.atlassian.com:443 and dq1dnt4af4eyy.cloudfront.net:443 websites and import them into your Java keystore. There are detailed steps on how to do so using Portacle on the JIRA documentation below. Executing this procedure will take you through the whole export/import process (thus executing step #2 below is not required):
Alternative 2: Using command line
2.1- Fetch the certificate
If you prefer the command line as an alternative, you could do so by issuing:
openssl s_client -connect stash.com:443 < NUL | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt
The command above will only be executed on Windows if you have Sed for Windows as well as OpenSSL installed on your environment. If you don't have Sed or OpenSSL and you don't want to install it, use the instructions below as an alternative. Issue the following command:
- Use your browser to hit the URL's above.
- Save the certificate content into a file called
public.certfile. The file should contain only what is between theBEGIN CERTIFCATEandEND CERTIFICATElines. This is how your file should look like after you edited it:
-----BEGIN CERTIFICATE-----
< Certificate content as fetched by the command line.
Don't change this content, only remove what is before
and after the BEGIN CERTIFICATE and END CERTIFICATE.
That's what your Sed command is doing for you :-) >
-----END CERTIFICATE-----2.2- Import the certificate into your Java keystore:
After you fetch the certificate, import it into the $JAVA_HOME you are using to run Bamboo:
keytool -import -alias marketplace.atlassian.com:443 -keystore /path/to/keystore -file /path/to/marketplace.atlassian.com.cert
keytool -import -alias plugins.atlassian.com:443 -keystore /path/to/keystore -file /path/to/plugins.atlassian.com.cert
keytool -import -alias dq1dnt4af4eyy.cloudfront.net:443 -keystore /path/to/keystore -file /path/to/dq1dnt4af4eyy.cloudfront.netImportant Notes
Where is my keystore?
- Windows/Linux:
$JAVA_HOME/jre/lib/security/cacerts - Mac OS (サポート対象外):
$JAVA_HOME/lib/security/cacerts
What is the password?
- The default password for the Java TrustStore password is changeit.
Where is my JAVA_HOME?
- To check for the
$JAVA_HOMEvalue, go toAdmin cog icon >> Atlassian Support Tools >> System info taband look forjava.home. Use this value (full qualified path) on the$JAVA_HOMEon the commands above.
原因 2:
Give permission to the user who is running Stash to access the Java certificate store /path/to/keystore